Security Engineer (Security Operations)

Summary: Everlaw is looking for a Security Engineer to join their technical security operations team. The role involves improving vulnerability management, threat detection, and incident response capabilities, as well as collaborating with various teams to ensure a secure platform for customer data. Responsibilities: - Support the team to drive improvements in our vulnerability management, threat detection, and incident response capabilities, contributing your perspective to help the team grow - Triage security events and respond to security incidents, taking action to contain them, guiding recovery of normal operations, and reducing the likelihood of recurring threats - Strengthen threat detection and response systems that safeguard both our cloud infrastructure, third-party integrations, and platform services - Develop and refine security processes, procedures, and runbooks that allow our security posture to scale as the company grows - Manage and tune AWS security services (IAM, Security Hub, GuardDuty, Config) for effective threat detection, access control, and continuous monitoring - Collaborate with Engineering, Engineering Operations, Corporate Security, and GRCT teams to help meet our operational security commitments by probing for vulnerabilities, assessing risk, and advising on how to respond to them - Advise other engineers and partners on building a secure platform by leading threat modeling sessions, conducting security design reviews, and reviewing code and configuration changes for security concerns - Proactively solve security challenges and foster a security mindset with innovative, security-conscious coworkers across Everlaw Required Qualifications: - You have at least 1-3 years of experience working in a security-focused role - You have experience in handling security events and incidents from initial triage through to remediation - You have programming skills in at least one scripting language (like Python) and are comfortable navigating a Linux environment - You have experience with security tools like vulnerability scanners (Nessus/Trivy), HIDS/NIDS (Wazuh/Zeek), and SIEM/SOAR platforms (Splunk/ELK/Datadog) - You understand the vulnerability lifecycle and have experience detecting, prioritizing, and remediating vulnerabilities - You have written detection rules and response processes for security specific events - You can explain technical concepts without jargon, keeping security relatable so that others can solve problems with your support - You balance strong protections with enabling people to do their work, finding ways to improve security without blocking innovation - You are authorized to work in the United States without restrictions Preferred Qualifications: - You have previous experience with SaaS environments and distributed systems - You have programming skills in at least one compiled language (like Java) - You have experience with AWS, Terraform, Ansible, git, and other infrastructure, development, and operations tools Required Skills: Security Incident Response, Vulnerability Management, Threat Detection, Security Operations, Python, Linux, Vulnerability Scanners, Host-based Intrusion Detection Systems, Network Intrusion Detection Systems, SIEM, SOAR, AWS Security Services, Threat Modeling, Security Design Review Benefits: Equity program, 401(k) retirement plan with company matching, Health, dental, and vision, Flexible Spending Accounts for health and dependent care expenses, Paid parental leave and approximately 10 days (80 hours) per year of sick leave, Seventeen paid vacation days plus 11 federal holidays, Membership to Modern Health to help employees prioritize mental health and wellness, Annual allocation for Learning & Development opportunities and applicable professional membership dues, Company-sponsored life and disability insurance